[Catalyst] How to encrypt database password when connect?
Matt S Trout
dbix-class at trout.me.uk
Fri May 25 04:53:38 GMT 2007
On Fri, May 25, 2007 at 10:08:00AM +0800, Cookie wrote:
> I write my database connect info in the yml files.It's not very safe because
> the database password can see by everyone who can access the catalyst
> folder.I want to know if there any way to encrypt the database password use
> the internal method of connect_info?
That won't be any more safe. The user the app runs at has to be able to
get the password, so your best option is to chown the config file to that
user and chmod it 400 so only that user can read the file.
For particularly sensitive stuff, give the app its own user and run it
as an suexec-ed fastcgi handler.
--
Matt S Trout Need help with your Catalyst or DBIx::Class project?
Technical Director Want a managed development or deployment platform?
Shadowcat Systems Ltd. Contact mst (at) shadowcatsystems.co.uk for a quote
http://chainsawblues.vox.com/ http://www.shadowcatsystems.co.uk/
More information about the Catalyst
mailing list